I have MBAM and MBAE. Why do I need Anti-Ransomware?

Recommended Posts

Malwarebytes believes in a layered approach to security. Each layer has a specific objective and a unique technology to achieve that objective.

In the case of ransomware, we are able to block it in four different layers:

Most ransomware infects using exploit-based delivery mechanisms. In those cases the best protection is to have MBAE in order to proactively prevent the exploit from ever triggering, thereby blocking the infection chain at the earliest step possible before the malware even downloads to the victim computer.

Some ransomware infect using non-exploit based social engineering tactics. For these types of infection vectors MBAM's behavioral patterns, heuristics and signatures is able to detect and block most known (and some zero-day) ransomware from every executing, thereby preventing the infection.

If a ransomware is delivered via social engineering (or if the user does not have MBAE installed) and MBAM is not able to detect it via behavioral patterns, the MBAM Web Blocker most of the times will block the ransomware from downloading the encryption keys from its Command and Control (C&C) server, thereby preventing the encryption of the users' files.

Finally, with Malwarebytes Anti-Ransomware we now have a fourth and extremely effective last line of defense. If (a) the ransomware is delivered via social engineering tactics or the user does not have MBAE,(b) the MBAM behavioral rules do not detect it and (c ) the Web Blocker does not block access to the C&C, then the new Malwarebytes Anti-Ransomware will detect the ransomware activity on the system and block and quarantine it before it is able to encrypt the users' files.

With the above four layers of protection ransomware doesn't stand a chance now against Malwarebytes users. Please make sure you are running all MBAM + MBAE + MBARW alongside each other.

In the future once MBARW comes out of beta we will roll the technology into our consumer and corporate products so that you won't have to deal with multiple separate clients.

In the meantime thank you for your help during this technology beta testing period.